There isn't, but you can design an expiration policy for the relevant tokens so they don't ever expire.
--Misagh > From: "Anders Olsen" <[email protected]> > To: [email protected] > Sent: Thursday, February 1, 2018 4:06:54 AM > Subject: [cas-user] [OAuth2] Generate new refresh token when using a previous > refresh-token > Hi everyone! > I am currently working on setting up CAS as the new SSO solution for our > website. > In addition to a traditional website, we also have native apps for Android and > (soon) iOS that uses OAuth2 to authenticate as they need to have offline > capability and thus cannot use a regular session. > I have got most of the OAuth2 functionality to work, using this service > definition: > { > "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService" , > "clientId" : "XXX" , > "clientSecret" : "XXXXX" , > "generateRefreshToken" : true , > "jsonFormat" : true , > "supported_grants" : [ "password" , "refresh_token" ] , > "name" : "OAuth2 (Android)" , > "id" : 201801311512 > } > (Client ID and Secret has been obfuscated..) > This also works fine to gain access tokens: > Using password: > { > "access_token": "AT-1-82jDv1D3pkvex5C1UYjKreBdhhw5omzc", > "token_type": "bearer", > "expires_in": 28800, > "refresh_token": "RT-1-so451CeJyePgl2RmXnefODw0nV9jTAgX" > } > Using refresh token: > { > "access_token": "AT-2-7a6-eLsKlX9-jyYynqFjTqsneLE8WnlN", > "token_type": "bearer", > "expires_in": 28800 > } > However, this means that when the refresh token expires, the user is totally > shut out of CAS and has to re-login with his credentials. > I would like for the user to never have to login again after logging in the > first time. > Our previous OAuth2 server is based on > http://bshaffer.github.io/oauth2-server-php-docs/ and one of the settings > there, under > http://bshaffer.github.io/oauth2-server-php-docs/grant-types/refresh-token/ is > a flag “always_issue_new_refresh_token” which is default false but can be set > to true to give the user a new refresh token whenever the previous refresh > token is used for creating a new access token. > Is there a setting or configuration in CAS that will enable the same behavior > ? > Thank you for your time. > Regards, > Anders Olsen > Softwareudvikler > Software Developer > Tel +45 3328 3800 > DOF / Birdlife Denmark | Vesterbrogade 140 | 1620 København V | www.dof.dk > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups "CAS > Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email > to [email protected] . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/3B91F9D1-39B8-4549-9AE7-5C4A4E946AF2%40dof.dk > . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1179255480.13661016.1517492875332.JavaMail.zimbra%40unicon.net.
